TOPIC: User login with username/password: development questions

I need to implement the way for users to log in using username/password.

Users should be able to register for the system, then use their credentials when they want to participate in any of the surveys available.

I understand that to achieve this I will have to make some modifications to the engine. It's not ideal, but we want to have a database of users and give them the ability to complete a number of surveys.

Tokens should still be used for tracking survey progress for individual users.

Users will be identified by their email address. A User wants to participate in a survey. They first presented with a login screen. A user then fills in their email address and password, click 'Login' and a token is automatically created for this user to use in a survey. (Remove a step with sending an invitation email)

So I have some development related questions:

Presume that i have created another database table to hold user details. If I have an external page to login, I can check if a user exists in that database table, but what is the best way to store the state of a user thats logged in?

Is it better to create a session variable during the login process, say

$_SESSION[survey_user][authorized]=true;

And then in survey/index.php check if this SESSION variable set to true? If it's not set to true, then redirect user to the login screen

I couldn't find my way around session functions in LimeSurvey framework. So will probably have to use basic $_SESSION variable manipulation. Unless someone can give me a nice example of loading all required back end functions to a custom php page and some functions for manipulating sessions?

Or is there a better way? Maybe re-using administrator's User-related functions? Has anyone done this before?

The administrator has disabled public write access.

JavaScript is currently disabled.Please enable it for a better experience of Jumi.

User login with username/password: development questions
2 years 5 days ago #94238

- helpers/frontend_helper.php:
Instead of displaying a new registration form, just create a new token and save in the database. Where you have "if (isset($thissurvey) && $thissurvey == "Y")"

//echo templatereplace(file_get_contents($sTemplatePath."register.pstpl"),array(),$redata,'frontend_helper[1599]'); $tokentable=$dbprefix."tokens_".$surveyid;$user_email=$_SESSION['user_login']['email'];$baselang= Survey::model()->findByPk($surveyid)->language;// check if the token exists in a database token_XXX for this user $qry="SELECT * FROM {{tokens_$surveyid}} WHERE email='$user_email'";$qryrow= Yii::app()->db->createCommand($qry)->queryRow();if(!$qryrow){// it doesn't, then create a token in the database token_XXX with $_SESSION[user_login][details]$tokenlength=15;while($mayinsert!=true){$newtoken= randomChars($tokenlength);$ntquery="SELECT * FROM {{tokens_$surveyid}} WHERE token='$newtoken'";$usrow= Yii::app()->db->createCommand($ntquery)->queryRow();if(!$usrow){$mayinsert=true;}}// Insert new entry into tokens db
Tokens_dynamic::sid($thissurvey['sid']);$token=new Tokens_dynamic;$token->firstname=$_SESSION['user_login']['firstname'];$token->lastname=$_SESSION['user_login']['lastname'];$token->email=$user_email;$token->emailstatus='OK';$token->token=$newtoken;$result=$token->save();$token=$token->token;// then redirect to the survey XXX witht the token id$surveylink= Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$newtoken));}else{// it does, then redirect to the survey XXX with the token id$surveylink= Yii::app()->createAbsoluteUrl("/survey/index/sid/{$surveyid}",array('lang'=>$baselang,'token'=>$qryrow['token']));}// redirectheader("Location: $surveylink");

- in RegisterController.php:
using a similar workaround to stop sending users a confirmation email

So now when users want to participate in a survey, they have to login (username and password from separate DB) or register.
Tokens are still enabled to track responses.
Public registration is turned on. But now instead of seeing a token registration form (the one that asks you for name and email address) a new token is created automatically.

This works just as it should. But I would like to integrate the whole registration/login process into the LimeSurvey and have it as a plugin so I don't have to modify much source code.

I am still finding it hard to get around the Yii framework.
Can you please point me in the right direction?

Do I need to have a new Controller etc. for this?
I'm thinking:
- controllers/userauth/login.php - to control login process? check DB, display error message, etc.
- controllers/userauth/register.php - same as above, but registration functions
- controllers/userauth/logout.php - well, clear the session, etc.

models/Userauth.php - does this need to represent my additional database table for users?

What other files I need to modify in order to get this all working together with limeSurvey?
And what about displaying all this stuff? Do I need to have any other files to manage how this all is displayed?